Home / Blog / Filter / Blog
Subscribe to INCIBE-CERT - Blog RSS

Blog

Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Bastioning procedures
dos hombres con unidades de almacenamiento

System hardening: the case of Linux

Posted on 03/02/2023, by INCIBE
Knowing the resources available when performing tasks of hardening a system, will allow us to optimize the time necessary to obtain a safer system. In addition, we have the possibility of using tools capable of auditing the system that identifies those configurations that are considered safe and which ones we could implement.
Tags: 
Android
Antivirus
Bastioning procedures
Biometrics
Cloud computing
Firewall
Identity management
IDS/IPS
IIoT
Incident
iOS
Linux
Networking
OSINT
SIEM
Social engineering
Virtualization
Windows
Wireless
Factory drawing

Industroyer2, the ampere strikes back

Posted on 02/09/2023, by INCIBE
Confrontations between countries no longer only take place in the physical world, in this new decade, these confrontations also move to the cyber world. The conflict between Russia and Ukraine is one of the clearest examples. Among the events that have taken place is the security incident known as Industroyer2, which affected an electrical supplier in Ukraine. The Industroyer2 is the evolution of its predecessor, the malware known as Industroyer, which was able to affect multiple protocols of industrial control systems during its execution. This new variant of the malware focuses on a particular communications protocol, IEC-104, which is widely used in Europe and the Middle East to monitor and control the power system via the TCP/IP communications protocol.
Tags: 
APT
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Cybercrime
Embedded systems
IIoT
Industrial protocol
SCADA
Smart Grid
Threats
Vulnerability
Windows
hand breaking stone shield

How to prevent an antivirus bypass

Posted on 12/29/2022, by INCIBE
Antivirus is one of the main lines of defence when a user downloads a malicious file or an attacker has gained access to the computer and attempts to execute malware. Cybercriminals use various means to avoid an antivirus, using different tools and techniques depending on their type and functionalities. This article details the techniques commonly used, as well as the protective measures we should take to prevent attackers from executing malware on our computers.
Tags: 
Antivirus
APT
Bastioning procedures
Best practices
Cybercrime
Firewall
Incident
Malware
Pentesting
Threats
Vulnerability
Windows
Context in the measurement of cyberresilience at the national level

Context in the measurement of cyberresilience indicators at the national level

Posted on 10/27/2022, by INCIBE
Organisations are exposed to the consequences of cyber threats, and may be ill-prepared to face and manage cyber incidents, whether provoked or unprovoked. For this reason, in 2014 INCIBE launched its Indicators for the Improvement of Cyber Resilience (IMC) model, with the aim of improving and understanding the state of cyber resilience in organisations.
Tags: 
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Data protection
Policies
Safe development
Studies & stats
Threats
Command and control post

C&C: models, function and measures

Posted on 08/18/2022, by Ricardo del Rio García (INCIBE)
This post explains the infrastructure of command and control (C&C), describing what an attack consists of, related terminology, actions undertaken by attackers, models, general function and preventative measures, detection and response to this threat.
Tags: 
APT
Bastioning procedures
Botnet
Continuity
Critical infrastructures
Cybercrime
Data protection
DrDoS
Firewall
IDS/IPS
Malware
Phishing
Safe development
Services deployment
Threats
Vulnerability
OT DMZ vs IT DMZ

Differences between OT DMZ and IT DMZ

Posted on 08/04/2022, by INCIBE
Demilitarized zones, also known as DMZs (demilitarized zones), are used for the secure exchange of information between computers on a network that we want to protect and an external network that needs to access those computers. DMZs are widely used in the IT sector and also in the OT sector, but the equipment and services they host are not exactly the same.
Tags: 
Bastioning procedures
Best practices
Critical infrastructures
Data protection
Firewall
Honeypot
Industrial Control System
Policies
Safe development
Services deployment
Standard IEC 62443-4-2, the need to secure ISC components

IEC 62443-4-2, the need to secure components

Posted on 05/12/2022, by INCIBE
The security of control systems can be threatened from different aspects, with the end device being the most important attack vector. With this in mind, the IEC, within the 62443 standard, wanted to emphasise devices by preparing a document exclusively concerning their security: IEC62443-4-2. This document contains different technical requirements to improve the security of the types of assets that can be found in a control system.
Tags: 
Bastioning procedures
Best practices
Continuity
Critical infrastructures
Data protection
Incident
Industrial Control System
Industrial protocol
Policies
Safe development
SCADA

Pages